Re: Not a bug but features
- To: misc_(_at_)_openbsd_(_dot_)_org
- Subject: Re: Not a bug but features
- From: john miller <johnm_(_at_)_CHI-LLC_(_dot_)_com>
- Date: Fri, 25 May 2001 11:00:03 -0700
Actually I shoulda been more clear on the per file encryption as I was
meaning something similar to the bestcrypt style mountable virtual
partition/drive system, can bdes perform that type of function?
While encryption in and of itself is definitely not the end means in
securing your data, I'm still not convinced that having the option to
encrypt your entire hard drive, or partitions is worthless. To me it
seems like it can be a valuable step in a larger overall security
Take our company laptops for example, other steps we do take including
tattooing, bonding and registering STOP tags on the laptops to try and
dissuade casual theft, along with other methods of computer storage,
usage and transport policies, secure password policies, normal network
security policies etc all as small steps in an overall security plan
to protect our data at least as much as we reasonably can.
As for your points as to why our hard drive encryption usage doesn't
make sense, well sure you can steal one of our laptops but if you can
'honestly' break a 128-256 bit blowfish key in 12hrs, I'll not only
agree with you 100% but I'd be wondering why you're not only working for
but also running the NSA or some other such agency.
When you consider that we are not a large company and that our only
real competitor in our very very niche market in the computing field is
even smaller than we are, then I highly doubt that they have the
computing power to do what even distributed.net has yet to do (aren't
they still working on 56 and 64-bit keys in various algorithms and it
still takes them weeks to many months sometimes for a single key?).
Granted our competitor could use Tempest style attacks on us to try and
retrieve our data but again it comes down to do they even have the
money, the technical know-how and the time to even implement such an
attack on us? Other than the NSA along with other secretive govt.
organisations and high level security consultants who like to
demonstrate that Tempest style attacks are possible, how often do you
really think that type of data theft happens in the general business
world? (Granted if we were developing the holy grail of alternate and
unlimited power that could totally replace the current fossil fuel and
electricity cartels then yes I could definitely see someone using that
I agree that there is no way to fully and truly secure your data for a
determined thief or unknown agency, but it's just like a house. You
don't put a lock on a house to keep thieves out (another impossible
task), you put a lock on to keep honest people honest.
As far as
On Friday 25 May 2001 09:31, you wrote:
> At 7:43 AM -0700 5/25/01, john miller wrote:
> >I'd like to see options for both per file and entire disk/volume
> > encryption in OpenBSD.
> per file encryption is already installed in OpenBSD. Try bdes for
> >Currently we use full disk encryption on our Win9x, Win2k laptops
> >at work using a product called Pointsec from
> > http://www.pointsec.com.
> Okay, this does not make good sense. I steal the notebook, now what?
> I've got your data and 12 hours later it's free and clear.
> If your data MUST be kept physically secure then why not buy a secure
> notebook? Like from IBM? They make a notebook that is little known
> that has lots of physical security features. Like a HDD destruction
> if the drive is removed without a special key.
> None of this stuff even comes close to truly securing data. There is
> absolutely no way to do it. It simply cannot be done, period. Any
> encryption or security measure you take can be defeated by thieves.